5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
40.2%
Announcement-ID: PMASA-2016-13
Date: 2016-02-25
Vulnerability allowing man-in-the-middle attack on API call to GitHub.
A vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack.
We consider this vulnerability to be serious.
Versions 4.5.x (prior to 4.5.5.1) are affected.
Upgrade to phpMyAdmin 4.5.5.1 or newer or apply patch listed below.
Assigned CVE ids: CVE-2016-2562
The following commits have been made on the 4.5 branch to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
CPE | Name | Operator | Version |
---|---|---|---|
phpmyadmin | le | 4.5.5.1 |
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
40.2%